Bug 739068
Summary: | ipa-client-install --password=$PASSWORD will cause /var/log/ipaclient-install.log to contain the password. | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Rob Crittenden <rcritten> | |
Component: | ipa-client | Assignee: | Rob Crittenden <rcritten> | |
Status: | CLOSED ERRATA | QA Contact: | ||
Severity: | unspecified | Docs Contact: | ||
Priority: | high | |||
Version: | 5.6 | CC: | grajaiya, jgalipea, mkosek | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-client-2.0-19.el5 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 741677 (view as bug list) | Environment: | ||
Last Closed: | 2012-02-21 05:42:28 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 741677 |
Description
Rob Crittenden
2011-09-16 13:32:49 UTC
This is in the RHEL 5 ipa-client, not the 6.x ipa-client. RHEL 5.7 x86_64, ipa-client-2.0-14.el5_7.1 Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/4487a9564b42cdedf6bb4a84134286a131583494 ipa-2-1: https://fedorahosted.org/freeipa/changeset/ad37727150abecb19a55fe7ae18bccb3a63052b9 Checking in ipa-client.spec; /cvs/dist/rpms/ipa-client/RHEL-5/ipa-client.spec,v <-- ipa-client.spec new revision: 1.11; previous revision: 1.10 done RCS file: /cvs/dist/rpms/ipa-client/RHEL-5/ipa-otp-nolog.patch,v done Checking in ipa-otp-nolog.patch; /cvs/dist/rpms/ipa-client/RHEL-5/ipa-otp-nolog.patch,v <-- ipa-otp-nolog.patch initial revision: 1.1 done Checking in ipa-python24.patch; /cvs/dist/rpms/ipa-client/RHEL-5/ipa-python24.patch,v <-- ipa-python24.patch new revision: 1.2; previous revision: 1.1 done [root@hp-dl360g5-01 ~]# ipa-client-install --principal=admin --password=Secret123 DNS discovery failed to determine your DNS domain Provide the domain name of your IPA server (ex: example.com): lab.eng.pnq.redhat.com DNS discovery failed to find the IPA Server Provide your IPA server name (ex: ipa.example.com): bumblebee.lab.eng.pnq.redhat.com The failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured. Autodiscovery of servers for failover cannot work with this configuration. If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure. Proceed with fixed values and no DNS discovery? [no]: yes Hostname: hp-dl360g5-01.rhts.eng.bos.redhat.com Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: bumblebee.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM SSSD enabled NTP enabled Client configuration complete. [root@hp-dl360g5-01 ~]# /var/log/ipaclient-install.log: 2011-12-15 04:07:56,383 DEBUG [ipadnssearchldap] 2011-12-15 04:07:56,410 DEBUG IPA Server not found 2011-12-15 04:08:03,602 DEBUG will use server: bumblebee.lab.eng.pnq.redhat.com 2011-12-15 04:08:03,602 DEBUG [ipadnssearchkrb] 2011-12-15 04:08:03,626 DEBUG [ipacheckldap] 2011-12-15 04:08:04,314 DEBUG args=/usr/bin/wget -O /tmp/tmpZJF47D/ca.crt -T 15 -t 2 http://bumblebee.lab.eng.pnq.redhat.com/ipa/config/ca.crt 2011-12-15 04:08:04,315 DEBUG stdout= 2011-12-15 04:08:04,315 DEBUG stderr=--2011-12-15 04:08:03-- http://bumblebee.lab.eng.pnq.redhat.com/ipa/config/ca.crt Resolving bumblebee.lab.eng.pnq.redhat.com... 10.65.201.64 Connecting to bumblebee.lab.eng.pnq.redhat.com|10.65.201.64|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1361 (1.3K) [application/x-x509-ca-cert] Saving to: `/tmp/tmpZJF47D/ca.crt' 0K . 100% 92.7M=0s 2011-12-15 04:08:04 (92.7 MB/s) - `/tmp/tmpZJF47D/ca.crt' saved [1361/1361] 2011-12-15 04:08:04,315 DEBUG Init ldap with: ldap://bumblebee.lab.eng.pnq.redhat.com:389 2011-12-15 04:08:06,038 DEBUG Search LDAP server for IPA base DN 2011-12-15 04:08:06,374 DEBUG Check if naming context 'dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com' is for IPA 2011-12-15 04:08:06,710 DEBUG Naming context 'dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com' is a valid IPA context 2011-12-15 04:08:06,710 DEBUG Search for (objectClass=krbRealmContainer) in dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com(sub) 2011-12-15 04:08:07,063 DEBUG Found: [('cn=LAB.ENG.PNQ.REDHAT.COM,cn=kerberos,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com', {'krbSubTrees': ['dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com'], 'cn': ['LAB.ENG.PNQ.REDHAT.COM'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] 2011-12-15 04:08:09,515 DEBUG will use cli_realm: LAB.ENG.PNQ.REDHAT.COM 2011-12-15 04:08:09,515 DEBUG will use cli_basedn: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com 2011-12-15 04:08:12,291 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://bumblebee.lab.eng.pnq.redhat.com/ipa/config/ca.crt 2011-12-15 04:08:12,291 DEBUG stdout= 2011-12-15 04:08:12,291 DEBUG stderr=--2011-12-15 04:08:11-- http://bumblebee.lab.eng.pnq.redhat.com/ipa/config/ca.crt Resolving bumblebee.lab.eng.pnq.redhat.com... 10.65.201.64 Connecting to bumblebee.lab.eng.pnq.redhat.com|10.65.201.64|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1361 (1.3K) [application/x-x509-ca-cert] Saving to: `/etc/ipa/ca.crt' 0K . 100% 92.7M=0s 2011-12-15 04:08:12 (92.7 MB/s) - `/etc/ipa/ca.crt' saved [1361/1361] 2011-12-15 04:08:12,332 DEBUG args=/usr/sbin/ntpdate -U ntp -s -b bumblebee.lab.eng.pnq.redhat.com 2011-12-15 04:08:12,332 DEBUG stdout= 2011-12-15 04:08:12,332 DEBUG stderr= 2011-12-15 04:08:12,347 DEBUG args=/usr/sbin/ntpdate -U ntp -s -b bumblebee.lab.eng.pnq.redhat.com 2011-12-15 04:08:12,347 DEBUG stdout= 2011-12-15 04:08:12,347 DEBUG stderr= 2011-12-15 04:08:12,361 DEBUG args=/usr/sbin/ntpdate -U ntp -s -b bumblebee.lab.eng.pnq.redhat.com 2011-12-15 04:08:12,361 DEBUG stdout= 2011-12-15 04:08:12,361 DEBUG stderr= 2011-12-15 04:08:12,362 DEBUG Writing Kerberos configuration to /tmp/tmpAp0KUM: #File modified by ipa-client-install [libdefaults] default_realm = LAB.ENG.PNQ.REDHAT.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] LAB.ENG.PNQ.REDHAT.COM = { kdc = bumblebee.lab.eng.pnq.redhat.com:88 admin_server = bumblebee.lab.eng.pnq.redhat.com:749 default_domain = lab.eng.pnq.redhat.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM 2011-12-15 04:08:13,245 DEBUG args=kinit admin.PNQ.REDHAT.COM 2011-12-15 04:08:13,245 DEBUG stdout=Password for admin.PNQ.REDHAT.COM: 2011-12-15 04:08:13,245 DEBUG stderr= 2011-12-15 04:08:19,990 DEBUG args=/usr/sbin/ipa-join -s bumblebee.lab.eng.pnq.redhat.com -b dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com 2011-12-15 04:08:19,990 DEBUG stdout= 2011-12-15 04:08:19,990 DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=LAB.ENG.PNQ.REDHAT.COM 2011-12-15 04:08:20,140 DEBUG args=kdestroy 2011-12-15 04:08:20,140 DEBUG stdout= 2011-12-15 04:08:20,141 DEBUG stderr= 2011-12-15 04:08:20,141 DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2011-12-15 04:08:20,141 DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist 2011-12-15 04:08:20,142 DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2011-12-15 04:08:20,142 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-15 04:08:20,183 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt 2011-12-15 04:08:20,183 DEBUG stdout= 2011-12-15 04:08:20,183 DEBUG stderr= 2011-12-15 04:08:20,184 DEBUG Backing up system configuration file '/etc/krb5.conf' 2011-12-15 04:08:20,184 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-15 04:08:20,185 DEBUG Writing Kerberos configuration to /etc/krb5.conf: #File modified by ipa-client-install [libdefaults] default_realm = LAB.ENG.PNQ.REDHAT.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] LAB.ENG.PNQ.REDHAT.COM = { kdc = bumblebee.lab.eng.pnq.redhat.com:88 admin_server = bumblebee.lab.eng.pnq.redhat.com:749 default_domain = lab.eng.pnq.redhat.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM 2011-12-15 04:08:20,237 DEBUG args=/sbin/service messagebus start 2011-12-15 04:08:20,237 DEBUG stdout=Starting system message bus: 2011-12-15 04:08:20,238 DEBUG stderr= 2011-12-15 04:08:20,359 DEBUG args=/sbin/service certmonger restart 2011-12-15 04:08:20,359 DEBUG stdout=Stopping certmonger: [FAILED] Starting certmonger: [ OK ] 2011-12-15 04:08:20,360 DEBUG stderr= 2011-12-15 04:08:20,518 DEBUG args=/sbin/service certmonger restart 2011-12-15 04:08:20,519 DEBUG stdout=Stopping certmonger: [ OK ] Starting certmonger: [ OK ] 2011-12-15 04:08:20,519 DEBUG stderr= 2011-12-15 04:08:20,553 DEBUG args=/sbin/chkconfig certmonger on 2011-12-15 04:08:20,553 DEBUG stdout= 2011-12-15 04:08:20,553 DEBUG stderr= 2011-12-15 04:08:20,738 DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - hp-dl360g5-01.rhts.eng.bos.redhat.com -N CN=hp-dl360g5-01.rhts.eng.bos.redhat.com,O=LAB.ENG.PNQ.REDHAT.COM -K host/hp-dl360g5-01.rhts.eng.bos.redhat.com.PNQ.REDHAT.COM 2011-12-15 04:08:20,739 DEBUG stdout=New signing request "20111215090820" added. 2011-12-15 04:08:20,739 DEBUG stderr= 2011-12-15 04:08:20,803 DEBUG args=/sbin/service nscd status 2011-12-15 04:08:20,804 DEBUG stdout=nscd (pid 11544) is running... 2011-12-15 04:08:20,804 DEBUG stderr= 2011-12-15 04:08:20,854 DEBUG args=/sbin/service nscd stop 2011-12-15 04:08:20,854 DEBUG stdout=Stopping nscd: [ OK ] 2011-12-15 04:08:20,854 DEBUG stderr= 2011-12-15 04:08:20,886 DEBUG args=/sbin/chkconfig nscd off 2011-12-15 04:08:20,887 DEBUG stdout= 2011-12-15 04:08:20,887 DEBUG stderr= 2011-12-15 04:08:20,887 DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2011-12-15 04:08:20,888 DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2011-12-15 04:08:21,403 DEBUG args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd 2011-12-15 04:08:21,404 DEBUG stdout=Stopping sssd: [FAILED] [ OK ] sssd: [ OK ] 2011-12-15 04:08:21,404 DEBUG stderr=cat: /var/run/sssd.pid: No such file or directory 2011-12-15 04:08:21,418 DEBUG args=getent passwd admin 2011-12-15 04:08:21,418 DEBUG stdout= 2011-12-15 04:08:21,418 DEBUG stderr= 2011-12-15 04:08:26,128 DEBUG args=getent passwd admin 2011-12-15 04:08:26,128 DEBUG stdout=admin:*:715400000:715400000:Administrator:/home/admin:/bin/bash 2011-12-15 04:08:26,128 DEBUG stderr= 2011-12-15 04:08:26,129 DEBUG Backing up system configuration file '/etc/ntp/step-tickers' 2011-12-15 04:08:26,130 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-15 04:08:26,286 DEBUG args=/sbin/restorecon /etc/ntp/step-tickers 2011-12-15 04:08:26,287 DEBUG stdout= 2011-12-15 04:08:26,287 DEBUG stderr= 2011-12-15 04:08:26,303 DEBUG args=/sbin/chkconfig ntpd 2011-12-15 04:08:26,304 DEBUG stdout= 2011-12-15 04:08:26,304 DEBUG stderr= 2011-12-15 04:08:26,304 DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2011-12-15 04:08:26,304 DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2011-12-15 04:08:26,304 DEBUG Backing up system configuration file '/etc/ntp.conf' 2011-12-15 04:08:26,305 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-15 04:08:26,442 DEBUG args=/sbin/restorecon /etc/ntp.conf 2011-12-15 04:08:26,442 DEBUG stdout= 2011-12-15 04:08:26,442 DEBUG stderr= 2011-12-15 04:08:26,443 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2011-12-15 04:08:26,443 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-15 04:08:26,599 DEBUG args=/sbin/restorecon /etc/sysconfig/ntpd 2011-12-15 04:08:26,599 DEBUG stdout= 2011-12-15 04:08:26,600 DEBUG stderr= 2011-12-15 04:08:26,613 DEBUG args=/sbin/chkconfig ntpd on 2011-12-15 04:08:26,613 DEBUG stdout= 2011-12-15 04:08:26,613 DEBUG stderr= 2011-12-15 04:10:20,012 DEBUG args=/sbin/service ntpd restart 2011-12-15 04:10:20,012 DEBUG stdout=Shutting down ntpd: [ OK ] ntpd: Synchronizing with time server: [ OK ] Syncing hardware clock to system time [ OK ] Starting ntpd: [ OK ] 2011-12-15 04:10:20,012 DEBUG stderr= [root@hp-dl360g5-01 ~]# Verified in version: ipa-client-2.1.3-1.el5 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0190.html |